TDRP

Technology Disaster Recovery Plan

Written By: Spencer Wade
Information Technology

Table of ContentsReport Summary (Introduction) 1
Goals and Objectives. 10
Project Timeline. 17
Project Development 23
References. 28
Appendix 1 Competency Matrix. 31
Appendix 2 Chief Executive Checklist 33
Appendix 3 Employee Contact List 34
Appendix 4 Department Instructions. 37
Appendix 5 Chief Financial Checklist 38
Appendix 6 IT Director Instructions Second Location. 39
Appendix 7 IT & Telecom Coordination Checklist 40
Appendix 8 Software Information. 41
Appendix 9 Minimum Hardware Required. 42
Appendix 10 Hardware Recovery Order 43
Appendix 11 HR Coordination Checklist 44
Appendix 12 PR Coordination Checklist 45
Appendix 13 Main Service Providers. 46
Appendix 14 Vendor List 48
Appendix 15 Communication Information. 50
Appendix 16 Pre-Evacuation Report 51
Appendix 17 Emergency Personnel Policy Statement 52
Appendix 18 Recovery Locations. 53
Appendix 19 Activity & Needs Sample. 54
Glossary. 55

Report Summary

The Disaster Recovery Plan (DRP) is the business world’s response to the uncertainties faced in the modern world of interconnection and globalization. The attacks on September 11, 2001, natural disasters like Hurricane Sandy, and cyber violations of all types are possibilities that companies can no longer afford to ignore. The most efficient, comprehensive way to combat the negative effects brought about by a disaster is for a company to have a thoroughly tested disaster recovery plan in place. The proposal submitted to the company was for just such a plan to be designed and implemented in order to safeguard the data and systems relied on to complete normal day-to-day operations.

The DRP is an attempt to safeguard the assets and employees of the client company from the impacts of a disaster. It focuses on the technology used to perform the normal operations of the company in order to facilitate the timely resumption of business following an event. The plan uses a secondary office space to house the skeleton crew after an event, and an off-site, climate controlled storage facility to store the data backups necessary to resume operations. A roster of mandatory personnel was created to staff the secondary site, and procedures for adapting the second branch’s server to run main office function were put in place.

The plan addressed the technological aspects of disaster recovery by stocking the secondary site with the necessary equipment, software, and documentation used for normal operations. The IT director of the second branch was supplied with the instructions for changeover of the server, and data backups from the storage facility. This will allow him to efficiently restore functionality to the affected systems, and get the secondary site up and ready for operations. The server is programmed to send out automated emails to all staff detailing the current situation, and informing them of the company’s directives concerning their positions.

The formulation of the plan was a many step process that looked at both the workforce and the systems necessary to provide operational coverage should an event take place. A well written, completely thought out DRP can save a business millions in losses by simply defining the procedures and assets needed to sidestep the damage caused by whatever calamity has occurred.

The project called for a technology disaster recovery plan to be designed for a company in the finance industry. This disaster recovery plan would be shared between the two branches the company runs in different states. It began with a risk assessment compiled after interviewing the company’s employees, inspecting the systems and structures used by the company, and analyzing the budgetary limitations. The risk assessment allowed for the creation of a Business Impact Analysis (BIA). The BIA was delivered to management in order to educate them on the potential weaknesses found during the risk assessment, and the steps to be taken in the plan to mitigate the damage if any of the weaknesses were to fail during an event.

The DRP created a committee of employees to oversee the implementation and testing of the plan. The committee is responsible for the education and concerns of the workforce, and has been given all the tools to answer any questions brought to them by the staff. The plan takes advantage of the second location the company operates in another state to keep processes going smoothly in an emergency. The second location has a server that has been adapted to run the business processes of both locations, and the plan installed software that would accomplish this in a disaster.

The plan centered on the secondary server available at the company’s other branch office. The existence of a server able to mirror the processes needed for daily operation gave flexibility to the plan. It allowed for the procurement of a secondary office space stocked with the necessary equipment and documentation needed for a skeleton crew of employees to perform all the company’s daily operations. Every step of the project was developed with the assistance of management and workforce input. This allowed for the needs of the staff and expectations of management to be addressed in every process, and aided in company-wide acceptance of the finalized product.

There are many disaster recovery plans available to research and study. These plans vary greatly in their focus and detail depending upon the criteria necessary to safeguard a specific company. The articles and papers used as resources for this proposal are outlined below, and will offer support for the comprehensive plan that has been formulated for this project.

The Disaster Recovery Planning Process by Geoffrey H. Wold was written in three parts, and all of these were used to come up with a proper framework for the DRP constructed for the proposal. These articles detail the specific steps that need to be taken in order to thoroughly plan for any eventuality that may occur during a disaster. This three-part planning document describes the checklists necessary to ensure that no stone is left unturned, and that all phases of company operations are included in the final plan.

Mr. Wold’s paper covers everything from a Business Impact Analysis (BIA) to testing procedures that focus on the individual departments that make up the company. The options and alternatives given are thorough and cover a wide range of budgetary concerns and manpower necessities. It described in detail the proper writing style used in modern proposals, and gave examples of successful proposals that used the correct formatting and wording. The paper gave an exhaustive list of the assumptions a plan designer needs to understand in order to write the most efficient disaster recovery plan possible for their client. The article also gives excellent advice on how to put together the documentation that will be used in testing and maintaining the readiness of the plan.

The DRP constructed for the client relied heavily on this article. The BIA that was given as an example was adapted to fit the company’s risk assessment, and was the basis for all of the decisions made concerning the weaknesses in the company. The options outlined in the article assisted in the choice of a secondary office site and off-site storage facility. This resource proved invaluable to the overall design process.

The article written by Robert F. Bronner, Banking Industry and Disaster Recovery Planning, was another invaluable resource used when compiling this disaster recovery plan. This article is focused on the banking industry, and the ways in which that industry has pushed disaster planning along over the years. It discusses many of the dangers a company may face during a disaster, and the means used by the banking industry to combat them. As leaders in the field of disaster planning, banks are incredible places to research the most advanced ways to defend against a man-made or natural disaster.

The article takes time to explain why a disaster recovery plan is so important, and how proactive planning is the most critical part of the overall process. The planning phase is where all the possibilities can be studied and solutions can be formulated. The planning must include senior management since their roles will become even more important once the actual crisis arises. This phase is where the outsourcing options available during a disaster need to be discussed and decided upon.

The article then tackles the questions posed by the all-important testing phase of the implemented plan. The testing procedures and documentation necessary need to be decided upon, and a plan for updating and overhauling must be outlined in order to allow the business room to upgrade and streamline its technological assets. It goes into detail on the process of electronic vaulting. This is the process used when a company has a secondary site that can
handle all of the daily functions of the site facing disaster, and all of the relevant data is mirrored between the two sites on a constant basis. Though expensive, this option is the only real way to guarantee no data is lost during the upheaval caused by any disaster.

The article by Mr. Bronner introduced the concept of mirroring data between two servers. This was the final choice for safeguarding the company’s data due to the existence of the second server at the company’s other location. The article gave instruction on how the process works, and allowed the finalized plan to proceed secure in the knowledge that the data needed for company operations was secure and ready to use in the aftermath of a disaster.

The proposal also used the article written by Darril Gibson, Hot, Cold, and Warm Sites, to understand the options available in off-site facilities, and to tailor the best possible alternative for the company the plan is designed for in order to stay within budgetary constraints. The article covers the continuity of operations (COOP) sites leased or purchased as the backbone of a good disaster recovery plan.

The article addresses the differences between the three types of sites that can be acquired by a company, and the pros and cons of each. The cold site, for example, is simply a site that has power and internet access that can be used by the employees in a disaster area, but it has no systems set up at the time of the crisis. The necessary systems must be transported to the site from either an off-site storage or the original business location. A warm site has some of the
systems needed for everyday operation along with power and access to the internet, yet the majority of the technology the company will need to operate will have to be delivered to the site. The hot site is an exact replica, in most aspects, to the location evacuated by the company due to the disaster, and as such will have all the necessary data and systems needed for the company to function normally.

This article gave all the information necessary to decide on the proper site for the company to use to resume operations. The description of each was detailed and the pros and cons of each were discussed. This aided the client in choosing the site that best matched the needs of their workforce and the constraints of their budget. The company chose to lease a warm site, and the plan covered all of the equipment, software, and staff necessary to operate the site successfully.

The FEMA Disaster Planning site was also an excellent resource while assembling this disaster recovery plan. The site lays out, in detail, the proper steps one should follow when constructing a plan for mitigating the damage a disaster facing a company may cause. It details the choices a company has when formulating a plan, and gives an unbiased description of the benefits of each option. These choices range from outsourcing, off-site storage of data, and alternative site options.

The website details the possible avenues of data backup, and discusses the costs and benefits of the different options available. The types of systems used can affect the type of service the company can rely on to preserve their relevant data. The article goes into the ways to match the company with an off-site vendor for storing data and technical products that will be needed should a disaster ever strike. It also focuses on the potential for loss if these decisions are
not made with the proper information and in a timely manner.

The FEMA website was consulted at every point during the formulation of the company’s DRP. The attention to detail that went into the construction of the plan was a direct result of the strategies outlined at this site. The decisions to lease a secondary site, to procure off-site storage, and to stock each with all relevant equipment and data came directly from this website. It also gave the costs and benefits associated with all types of data storage and backup. This information was a roadmap for the choices made during creation of this disaster recovery plan.

These articles and websites have been an excellent source of information, and have greatly accelerated the process of developing this disaster recovery plan. Each of the items focused on different aspects of the finished product, so using all of them aided in the development of a fully thought out, easy to use plan that will be adaptable and flexible enough to last for the foreseeable future. The final proposal is an original, specifically tailored piece of planning that greatly benefited from the assistance gained from these sources.

The Rationale and Systems Analysis section of the proposal focused on the reasons for the steps outlined in the disaster recovery plan (DRP). The reasoning behind the procedures was an important part of the education phase of the plan. It assisted the employees in comprehension and acceptance of the overall process. It also included a thorough examination of the systems, both software and hardware, used within the company to perform day-to-day operations. This
analysis was invaluable to the planning phase as it allowed for the most streamlined, efficient use of time, manpower, and IT budget. Once a comprehensive list of systems was compiled and analyzed the necessities for disaster recovery became clear, and the establishment of a secondary site stocked with all necessary systems was completed.

There were numerous reasons for developing a disaster recovery plan. The most important of these was safeguarding and restoring critical data during a crisis. The evidence for preparing a comprehensive plan is overwhelming. Companies that do not have such a plan are almost always doomed to failure. The Federal Emergency Management Agency (FEMA) estimates that nearly 80% of the companies that face a disaster without a disaster recovery plan fail within a year of the event. This is largely due to data loss that occurs when power and communications face disruption. The prevention of data loss was the goal of this proposal, and if the plan is followed to the letter this will easily be accomplished.

The process of formulating this disaster recovery plan was complex and detail-oriented. This was a reflection of the complexities faced by a company after an event has occurred. Day-to-day operations can become routine for employees, but during a disaster these routines can become almost impossible to execute. Many factors are involved with even the simplest company policy, and these factors become more difficult to predict once a crisis is underway. Disaster recovery planning is all about thinking through any eventuality, and even having contingency plans for the possibilities that were not expected. A proactive approach is critical to the disaster recovery process. Planning is vital to disaster recovery because the primary objective
is to avoid problems before they occur.

The reasons for a disaster recovery plan to be adopted are many and varied, but are clear to anyone who takes the time to research the aftereffects of a disaster on businesses in the area. The systems analysis was of primary importance when planning for the company’s recovery from an event. The analysis gave a detailed list of the hardware, software, and equipment components necessary for resuming operations. The company relies on software to facilitate the transactions of day-to-day business, and this software must have hardware to run it. Communication systems are also pivotal in normal company processes. These were included in the planning phases, and alternates were included in the secondary site for use in a crisis.

The systems and equipment used by the company are standard products, and replacements or backups have been purchased from office supply stores. The software is proprietary and has been copied to fully cover all equipment that is software-dependent. The software has been disseminated to all locations where needed during an event.

Goals and Objectives

The Disaster Recovery Plan is an important tool for safeguarding a company’s assets in terms of people and technology. The precise makeup of the plan was dictated by the needs of the company and its staff. These needs range from connectivity to specific software, but are in no ways limited to technology. This was reflected in the Technology Disaster Recovery Plan, and in the goals and objectives list compiled during the process of completing that plan.

Time is the real enemy when disaster strikes. The plan aims to maximize the amount of preparations taken prior to an emergency, so that employees are not called upon to disassemble the technological tools at the location endangered by the disaster. Time spent in preparation is time saved during the actual event, and allows for the greatest efficiency during the changeover. Employees need time to check on their family, housing, etc., and preparation time greatly reduces the strain on the workforce.

The first goal of this disaster recovery plan is the reduction of overall risk the organization faces in the event of a disaster; be it man made or natural. The risk assessment indicated the areas of greatest risk facing the company during a crisis, and the disaster recovery plan called for these areas to be the main focus of initial efforts. This gave an umbrella of protection for key departments until the full plan had been instituted, tested, and approved.

Understanding

The best way to serve the client was to understand them, their needs, and their expectations. This was accomplished through questionnaires, interviews, and inspections. The questionnaires handed out were completely anonymous in order to facilitate honesty in answering, and the interviews were conducted with all key department heads and their staff. Inspections were performed to locate all weak points in the structure, the systems, and the workforce, so the plan designed entailed all aspects of the physical location and the technology needed to run operations. This was accomplished within the first few days, and there were no unforeseen issues.

Vulnerability

The Disaster Recovery Plan was based on information gathered through inspection and the company’s own employee perspectives. After careful examination, vulnerabilities were evident in operating procedures, physical space, equipment, and data integrity. The plan called for the use of the company’s second location to be converted into the main processing facility during an event. This site has a server capable of mirroring the data from the primary server, and the software and data backups needed to accomplish this were installed. This gave the company a viable backup for its server and critical data. The server was successfully set up at the secondary location, and the instructions necessary for the IT director were delivered without incident.

Rapid Response

The DRP was developed to allow the company to rapidly respond to any crisis. The plan contained a list of emergency contact numbers for each of the key personnel, and stored copies of the lists at the secondary space and the storage facility. These copies were placed in locations
where they are accessible 24 hours a day, seven days a week, and 365 days a year. The server
was programmed to send out emails to all company personnel in the event of a disaster informing them of the company’s expectations, the location of new operations center, and instructions for emergency contact. The steps to rapid response were all included in the plan, and no problems arose during implementation.

Short Term Recovery

The plan for short term recovery after a disaster consisted of doing more with less. It outlined the personnel necessary to staff the secondary office space, and the processes by which they would accomplish day-to-day operations. The server at the other location handles all the relevant software and processing functions, and the equipment already on-site allows for the resumption of normal operations with no down time. This is the immediate response portion of the plan, and once completed allows the workforce to get back to work efficiently. This covers the first 10-14 days following the event. There were no issues faced during implementation and testing of this phase of the DRP.

Long Term Recovery

Long-term recovery following a disaster wholly depends upon what type of disaster occurred, how badly damaged the structure/infrastructure is, and how city, state, and local responders are coping with the catastrophe. The DRP is written from the standpoint of a worst case scenario, so the long-term recovery has been laid out in an easy to understand manner. The plan takes recovery in stages, and has the proper steps to take as time moves on from the crisis. The scope of the disaster dictates the required steps, but the plan includes a complete list of the necessary milestones the company will need to accomplish to stay on target for reopening. The DRP prioritizes the order of functions resumed, and gives detailed instructions on how to resume normal business operations. The long-term recovery plans were approved by management, and no problems arose afterward concerning this phase of planning.

Off-Site Storage Facility

The plan calls for the procurement of an off-site storage location. This allows for the safe storage offsite of hard copy and any necessary data backups in the event of a disaster. Copies of this DRP are stored in this location to maintain the integrity of the process during a crisis. The storage facility is climate controlled to insure that paper documents will not be adversely affected by weather conditions. It was recommended that this facility be located no closer than 25 miles from the main office location. Once the lease for the storage is finalized it will need to be added to the budget for monthly rental payments.

The plan ran into one of the only issues it faced during this phase of the process. The company leased a storage facility less than five miles from their location. This went against the plan’s recommendation of no closer than 25 miles from the company’s office site. After meeting with management, the lease was canceled at the storage facility, and a climate controlled site was located outside of the 25 mile radius. The management approved this change at the request of the plan designers, and the issue was resolved with no further attention.

Secondary Business Site

The DRP requires the company to lease a secondary office space suitable for operations during the disaster. This space needed to be large enough to accommodate the upper management team including the Chief Executive Officer, the Chief Financial Officer, the Chief Information Officer, and three support staff. The site is preloaded with the necessary tools to complete day-to-day operations. This includes both hard copy documentation and all office hardware/software used to perform each staff member’s duties. A list was compiled to identify the office equipment and supplies that are mandatory for resuming operations. These items will be stored at the secondary location. This was accomplished on time, and with no issues unresolved.

Data Collection

The recovery plan is in place to safeguard data, and, once the facilities for storing and using it were leased, the process of data collection began. An inventory of all office hardware was taken, paired down to the bare minimum, and backup devices were delivered to the secondary location. The plan also includes a list of all essential data and software needed to establish normal operations after the disaster. The data necessary for operations has been copied from the server, and it was removed to the prepared locations for storage. The software was preinstalled into the secondary site hardware at this time. This was the responsibility of the IT manager and his subordinates, and was undertaken immediately in order to guarantee the integrity of the DRP process. This phase passed with no errors being discovered, or issues arising within the workforce.

Maintain and Test Disaster Recovery Plan

Once the DRP was approved, the plan was implemented within the framework of the company, and the time came to train the workforce in its use by performing a battery of testing. A thorough regimen of testing was developed for the company, and a schedule for them to be performed has been created for management to follow. A year-end review of the plan is also scheduled, so that the DRP can be updated if appropriate. These tests not only showed the areas of concern within the plan itself, but helped the employees to feel more comfortable with the process. Each time the plan is enacted under testing conditions the employees will become more comfortable with the nuances, and mistakes made will be drastically minimized. This also allows for the plan to become second nature in the workplace, and will help to formulate a process by which the plan can be updated and maintained. There were no issues during the testing phase of the plan, and after management approval the next phase began.

Alleviate Owner/Investor Concerns

The DRP, once formulated and tested, has many goals and objectives, but none more important than alleviating the concerns of the owners, investors, and employees. The finalized plan was presented to upper management, the Board of Directors, and the DRP Committee. This presentation showed the company’s leaders exactly how the plan will save time and money in the event of a disaster. Once the facts and steps were disclosed, the leaders felt more at ease about capital investment and the future of the company’s assets. Knowledge is power and the DRP gave a sense of empowerment to the leaders, and this in turn filtered down to the workforce and fostered a sense of well-being amongst the rank and file.


Restore Day-to-Day Operations

The main purpose of any disaster recovery plan is the restoration of day-to-day operations. The most important question that a disaster recovery plan must answer is, “Will this plan restore day-to-day operations in a reasonable amount of time?” The DRP that has been formulated for the company answers “yes” to that question. The plan has set forth steps that, when followed to the letter, will quickly and efficiently restore operations to normal. This process was made easier due to the existence of a second server that can run all of the processes and applications the master server was responsible for, and the changeover will take far less time due to the plan’s order for a complete backup to be downloaded to the secondary server at close of business each day. The DRP outlines the procedures that, when followed correctly, will allow for the fastest return to normal operations.

Comply With Regulations

The DRP designed has taken into account all local, state, and federal regulations that may apply to the company’s day-to-day business model. Laws and regulations are not relaxed during a time of crisis, so when writing the DRP these rules have been accounted for. These regulations are listed within the plan, and all instructions and procedures have been written with these regulations in mind. The workforce can simply follow the steps detailed in the plan, and feel secure in the knowledge that all guidelines and regulations are being respected.

Conclusion

The disaster recovery plan is a thorough examination of all the possibilities brought about after a disaster, man-made or natural, has struck the company’s location. These goals and objectives are the culmination of the implementation of the plan during crisis. When completed successfully, these objectives will quickly restore the company’s normal business activities. The plan, when tested and maintained successfully, will safeguard the company, its assets, and employees for many years to come, and will allay the fears of the shareholders, investors, and leaders in the event of a disaster. These outcomes are the entire purpose of the disaster recovery plan.

Project Timeline

The disaster recovery planning phase is an intricate process that involves the completion of many steps before a finished product can be delivered. This timeline was produced before the process began, so there may be a need for revision once the process is underway. The revision of such projected timelines is not uncommon, but a great effort has been made to deliver a timeline with manageable milestones. The times listed, along with the milestones, are projected from the date the agreement for the development of the disaster recovery plan was signed.

Day One

  • Obtain Top Management Commitment
  • Schedule Interviews – Employee interviews must be completed by day two of the planning process.
  • Conduct On-Site Inspection of Technological Assets

All of the day one milestones were met with no issues. The commitment from management was readily given, and the interviews were scheduled without issue. The on-site inspections were performed in a timely manner.

Day Two

  • Interviewing Employees – All relevant staff must be interviewed by end of business. Any staff missing on this day will have to be contacted and interviewed remotely to insure their input is obtained.

The employee interviews were successfully completed on day two. There were no absences for the day, so all employees were spoken to, and all of their information gathered was used during the planning phases.

Day Three

  • Deliver Policy Statement
  • Deliver Revised Detail Work Plan – This is a rough outline of the work needed to complete the process. This is based on information garnered through the interview process and on-site inspection of systems.

The two documents promised for delivery on day three of the process were handed over to management for approval. The approval was given on the same day, and the planning phase moved on to the next step.


Day Seven

  • Security Assessment Report
  • Scope of Planning Effort

· Plan Framework – This will be the first rough outline of the disaster recovery plan management sees, and their input will assist in compiling the finalized plan.

The Security Assessment Report was delivered and accepted without incident. The scope of the planning and its framework were completed on time, but there were concerns on the part of management. The company felt that the plan was focusing too much on technology in another state. They believed that the secondary location was vulnerable due to its reliance on the server in another state for processing functions. It took time to explain the IT reasons for this, but once explanations were given the issue was resolved.


Day Fourteen

  • Business Impact Analysis Report – This report will include all of the findings made by disaster planners, and will give management access to the conclusions reached. The BIA will focus on the potential damage the company faces in the event of a disaster, and the steps to be taken to protect the company, its assets, and employees from harm.

The Business Impact Analysis is the first major milestone in the planning process. It is the keystone to the overall planning phase, and allowed for the creation of a directed, specific plan for the company. The analysis was completed in the allotted time, and there were no issues or delays during this phase.

Day Seventeen

  • Recovery Needs Profile
  • Plan Scope, Objectives, and Assumptions – The submittal of this information will aid the management group in understanding the plan in all its iterations. It will give a greater working knowledge of the ins and outs of the plan to be available to the decision makers in the company. This includes the what, why, and where of the specifics of the plan, and the assumptions the choices were based upon.

The Recovery Needs Profile was delivered on time and with no issues. The Plan Scope, Objectives, and Assumptions were created to educate the management group about the plan’s intentions and the assumptions that led to them. The meeting with management concerning this
portion of the planning went well, and by the close of the session the leaders were comfortable with the scope of the plan and the thought processes that created it. This was an important phase of the project, and once completed the plan took shape.

Day Twenty One

  • Data Center Recovery Plan – This submittal represents the fully realized version of the disaster recovery plan. Along with the Prototype Business Units Resumption Plan, this is the finished product that will be tested thoroughly in order to work out any issues that may be concealed within it.
  • Prototype Business Units Resumption Plan – See Data Center Recovery Plan

The Data Center Recovery Plan and the Prototype Business Units Resumption Plan were both delivered to management on day twenty one of the process. There were no issues with these two portions of the process, and the fully realized disaster recovery plan was approved and readied for testing.


Day Twenty Four

  • Testing Goals, Strategies, and Procedures – This milestone will deliver all elements of the testing program to the client company. The goals for the testing regimen will be clearly defined, and be coupled with strategies developed to obtain the best results possible from the tests. The procedures that will be used to test the plan will be documented at this time. These procedures will be a fully formed battery of tests, and instructions for their proper use will be included to facilitate employee participation.
  • Maintenance Procedures – The testing developed for the disaster recovery plan must be maintained over time to guarantee their efficacy in times of crisis. These procedures will be delivered at the same time as the testing procedures in order to more efficiently explain their use to the workforce of the company. This information will also include recommendations for a change management policy to be adopted by the company upon implementation of the overall disaster recovery plan.

The testing and maintenance regimens for the disaster recovery plan were completed and delivered on day twenty four. The testing program was explained in detail to management and the DRP Committee, and the schedule for testing was refined according to the company’s available open dates and times. The maintenance program was thoroughly discussed with the IT department, so that all necessary requirements were understood and agreed upon.

Day Twenty Five

  • Perform Battery of Tests

The testing was performed successfully. There were no major areas of concern raised by the testing, and the plan was successful in all of the areas of focus. The employees handled the stresses with no issues, and the systems went operational within 30 minutes of the start of the test. This was well ahead of the scheduled RTO, and proved the plan was as comprehensive and efficient as advertised.

Day Twenty Six

  • Analyze Testing Data

The testing data was analyzed to assess the overall performance of the plan, the employees, and the systems during a crisis. There were no major or minor errors found, or areas of weakness that had been overlooked. The data unequivocally proved that the DRP is viable and realistic. The plan is now fully implemented and ready for use if necessary.


Day Twenty Seven

  • Initial Test Report – This report will cover the results of the battery of tests run on the disaster recovery plan. These results will be used to further refine the overall plan to cover any inadequacies revealed by the testing.

The Initial Test Report was delivered to management on day twenty seven. The report laid out in detail the results from the test run of the plan, and summarized the analysis done on those results. It was clear from the analysis that the plan is ready for use, and fits the needs of the client company precisely. Management was impressed, and signed off on adoption of the plan with no hesitation.

Day Thirty

  • · Delivery and Implementation – The finalized plan, including all documentation and revisions, will be delivered to the company. The recommendations and modifications put forth by management and the testing regime will be fully incorporated in the plan, and no
    further revisions are necessary at this time. The maintenance schedule, if followed, will allow the plan to be adapted in the future to any changes made by the company to its workforce, its technology, or its location.

The finalized plan, along with all peripherals, was delivered to the company on day thirty. Management accepted the plan with enthusiasm, and agreed to the scheduled one year assessment of the plan by the designers to insure all is running smoothly. The plan in its final form has been passed on to the company, and the planning process is complete. The company was satisfied with the work done, the time it took to complete the work, and the project coming in on budget. The disaster recovery plan was a success.

Project Development

The Disaster Recovery Plan designed for the client company is a tool that when used properly will safeguard the employees, the data, and the systems needed for everyday operations.
The DRP is a comprehensive plan that attempts to predict and counteract the negative impacts of a natural or man made disaster upon the company’s ability to do business. This plan was created to do just that for the client company, and the finished product has been successfully tested under simulated conditions.

The disaster recovery plan formulated for the client company had many goals and objectives. The most important objectives were the alleviation of management concern and the efficient resumption of operations after an event. These goals were accomplished through careful planning and attention to detail. The project protects the systems and data the company needs to maintain operational status, and lays out instructions for all employees to follow should a disaster take place.

The formulation of the plan for the client was undertaken in phases. This allowed for greater attention to be given to each individual phase, and helped to minimize problems arising from overlooked or underappreciated nuances of the company’s processes. There were issues along the way, but the majority of the phases were completed and approved without incident. This was wholly due to the focus of the design team, and the scrutiny given to key components of the company’s business model.

The problems that arose during the planning, implementation, and testing of the disaster recovery plan were few in number and small in scope. The only major issue that had to be addressed was an overall lack of education when it came to technology. The management group understood the reasoning behind formulating a plan, but did not comprehend the technological details that would be instrumental in resuming business operations following a disaster or other event. This was rectified through intense discussions with the leadership concerning the systems used for processing company business, and the way these systems function independently and as a part of a larger overall operating system.

The finished disaster recovery plan did not differ in any major way from the proposal. The changes made to the finalized project were all minor, and centered on the lack of technological education among the workforce. The average employee did not understand the systems they used on a daily basis, so the DRP Committee’s role was expanded to include several seminars where all the questions raised by the testing regimen could be answered. This expansion of the responsibilities of the committee allowed the staff to direct their questions and concerns to a group of familiar faces, and freed up the designers to continue fine-tuning the plan so that all necessary goals were achieved.

The formulation of any complex plan will inevitably face requirements or component demands that were not anticipated. These issues must be resolved after they are identified. This
will often mean revisions to portions of the plan that are already completed. Any good plan must take this into account, and leave room for changes to be made. The planning phase included
questionnaires and interviews with employees in an attempt to minimize time lost to revising the plan. The plan ran into no requirements or components that were not expected and planned for. This allowed the plan formulated to be adopted in almost its original state.

The Disaster Recovery Plan designed for the client company has many actual and potential effects. These effects are a direct result of decisions made within the plan, or situations that may occur that could not be defended against due to budgetary constraints. The DRP relies on many of these effects to be a major part of the defense against negative impacts caused by a disaster. These are the actual effects the plan will cause. The potential effects are possibilities that may or may not help safeguard the company from calamity, but have been predicted and prepared for in any case.

The actual effects of the DRP created for the client company are all defenses against data loss, system malfunctions, and employee injury. Adoption of the plan means that in the event of a disaster scenario the workforce will follow all instructions to the letter. The formation of a DRP Committee will cause a shift in the powerbase of the company during an event. Employees who are members of the Committee will have greater responsibility before, during, and after a crisis. This has been explained to and accepted by the staff. The skeleton crew chosen to run the operational aspects of the company during an emergency will also be given greater responsibility in order to facilitate the decision-making processes vital in times of trial. These employees will
also be cross-trained in other aspects of the company’s business so they may handle all the duties they will be expected to perform in an event. This will cause some jealousy among the staff, but
should be easily explained away as necessity.

The DRP is specifically intended to cause certain effects. The obvious effects range from the movement of equipment, data, and staff to a secondary office space to the usage of the second server as the primary for operational processes. These are the obvious effects of the disaster recovery plan, but they make up only a small portion of the total effects of the plan. The DRP is intended to protect the company from harm, and many of its effects will be dedicated to accomplishing that mission. These effects occur because of the changeover the plan calls for, and range from a reduced workforce to transferal of main office responsibility to the secondary branch in another state.

The Disaster Recovery Plan designed and delivered to the client company was as successful as any plan created to combat a hypothetical situation can be. There will never be a perfect plan. Unexpected variables will always be an issue when formulating a plan of this type. The objective of the design is to predict as many harmful eventualities as possible, and attempt to mitigate the negative effects of each. This is not an easy task. There will be unforeseen issues that arise when the plan is put into action under stress, but the plan designed is as thorough and comprehensive as time and budget would allow.

The DRP is an effective, efficient defense against disaster. The company is well prepared for any eventuality with this plan as part of their company policy. It will assist the leadership of the business in their attempts to safeguard the company during crisis, and allow for greater comfort on the part of the staff, the management, and the shareholders. This is the main purpose of any good disaster recovery plan, and the one contained in this proposal is successful in that regard. It protects the data, calms the leadership, and directs the staff. There is nothing more that could be asked of a design team or a finalized plan.

References

Disaster Recovery Planning Process Pt. I
By Geoffrey H. Wold
http//www.drj.com/new2dr/w2_002.htm

Disaster Recovery Planning Process Pt. II
By Geoffrey H. Wold
http//www.drj.com/new2dr/w2_003.htm

Disaster Recovery Planning Process Pt. III
By Geoffrey H. Wold
http//www.drj.com/new2dr/w2_004.htm

Banking Industry and Disaster Recovery Planning
By Robert F Bronner Executive Vice President, SunGard Recovery Services Inc.
http//www.bankersonline.com/articles/sfpv04n11/sfpv04n11a16.html

Hot, Cold, and Warm Sites
By Darril Gibson July 17, 2011
http//certapps.com/2011/07/hot-cold-and-warm-sites/

Disaster Recovery Planning
by FEMA Official Website
http//www.ready.gov/business/implementation/IT

Disaster Preparedness And Recovery Plan Version 1.1
Sponsored by Counsel on Foundations, Community Foundation Leadership Team
(CFLT), Fiscal and Administrative Officers Group (FAOG), Program Network (ProNet)

Continuity of Operations (COOP)
FEMA
http://www.fema.gov/pdf/about/org/ncp/coop_brochure.pdf

Risk Assessment
FEMA
http://www.ready.gov/risk-assessment

Recovery Point Objective (RPO)
Janalta Interactive Inc. 2013
http://www.techopedia.com/definition/1032/recovery-point-objective-rpo

Recovery Time Objective (RTO)
Janalta Interactive Inc. 2013
http://www.techopedia.com/definition/24250/recovery-time-objective–rto

Cold Site
Janalta Interactive Inc. 2013
http://www.techopedia.com/definition/998/cold-site

Warm Site
Business Records Management
http://www.businessrecords.com/disaster-recovery-5/business-continuity-facilities-15/warm-backup-site-81/

Hot Site
Janalta Interactive Inc. 2013
http://www.techopedia.com/definition/24843/hot-site

Appendix 1: Capstone Competency Matrix
Appendix 2: Chief Executive Checklist
Appendix 3: Employee Contact List
Appendix 4: Department Instructions
Appendix 5: Chief Financial Checklist
Appendix 6: IT Director Instructions Second Location
Appendix 7: IT & Telecom Coordination Checklist
Appendix 8: Software Information
Appendix 9: Minimum Hardware Required
Appendix 10: Hardware Recovery Order
Appendix 11: HR Coordination Checklist
Appendix 12: PR Coordination Checklist
Appendix 13: Main Service Providers
Appendix 14: Vendor List
Appendix 15: Communication Information
Appendix 16: Pre-Evacuation Report
Appendix 17: Emergency Personnel Policy Statement
Appendix 18: Recovery Locations
Appendix 19: Activity & Needs (Sample)
GLOSSARY

Back to Top

Technology Disaster Recovery PlanFree Full PDF Download